So Mailcow will work well behind NPM, that’s no problem. You need to make Let’s Encrypt certificate in NPM, by name mail.domain.com and download that cert from the SSL menu in NPM. Once downloaded you need to copy the file cert1.pem to cert.pem and privkey1.pem to key.pem in the /opt/mailcow-dockerized/data/assets/ssl folder, in place of the ones that probably are already there. Before copying these files do a ‘docker-compose down’, and after having copied the beforementioned certs in the ssl-directory, do a ‘docker-compose up -d’. Now the certs should be good.
In the mailcow.conf file, inde the /opt/mailcow-dockerized directory, set HTTP-PORT to 8090, or any port you don’t already use, HTTP_BIND to 127.0.0.1, HTTPS-PORT to 8443, or another portnumber if already in use, and the HTTPS_BIND to 127.0.0.1.
In NPM set the ‘Destination’ as the Dockercontainer-name or the IP-address of the container, and the portnumber to 8090 (HTTP-PORT in mailcow.conf), block common exploits, set Websockets-support as on, set the SSL certificate and force SSL on the SSL page.
In the router or modem, make sure that all required ports are open and forwarded to the container with NPM (80/443). All other ports for the mailcow-server can be pointed to the ip of the Mailcow Docker container.
Hope this will help! Good luck!